UFOs and Mobile Malware - How Retaliation Against a Source Led Me to iVerify
For the past year and a half, I’ve been on one of the wildest adventures of my life, writing a book on UFOs and UAP. It has taken me through a painstaking process of finding and connecting with people who may hold valuable information for my work. These contacts include Ivy League academics, former presidential advisors, current and former high level military officers, congressional staffers, aerospace executives and researchers, as well as members of the UAP Task Force—both those who have come forward publicly and those who haven’t.
Transparency: I have NOT been paid for this blog post and have no financial benefit from it. It was a real world problem that a company solved that is accessible to the masses which is rarely the norm in our industry.
Many of these sources frequently deal with sensitive, and in some cases, classified information. Naturally, the idea of their phones being compromised by foreign adversaries or malicious actors is a serious concern—not just for them but also for the integrity of the research I’m conducting.
Unfortunately, during the course of my work, I encountered a situation involving exactly that. While I can’t share every detail to protect the source’s privacy, this account has been shared with their permission and was reported to law enforcement.
As a security researcher, my focus has historically been on almost everything except mobile devices. While I’m confident I could learn to use various mobile forensics tools, I’m also aware enough to know that I’m not an expert in this area. If I believed one of my sources might actually be compromised, I would want someone with more knowledge to handle it—someone who wouldn’t inadvertently complicate future investigations. With this in mind, I set out to find a friend, colleague, or company that could help me on a one-off basis without charging an arm and a leg as groups such as CitizenLab are not able to help everyone.
Apparently No One Knows Mobile Forensics
I’m fortunate to attend a variety of conferences such as DEF CON, Black Hat, and others. I actively engage in professional communities online and am part of a few private Slack and Discord channels where security researchers collaborate across different companies. Despite having a fairly extensive professional network—including SANS instructors and many other well-respected professionals in the industry—I didn’t directly know a single person well-versed enough in mobile forensics to help. The only recommendations I received were for some well-known MSSPs and providers who could assist, and for services such as Citizen's Lab (which does wonderful work) which I didn't hear back from.
I was honestly shocked. Mobile devices are such an integral part of our lives, yet finding someone with expertise in mobile forensics proved surprisingly difficult. (Side note: if you’re considering a career in cybersecurity, this is an area worth exploring. But I digress.)
How I Came Across iVerify
Back in 2019, Dan Guido, the founder of Trail of Bits—a company renowned for secure code audits on some of the most high-profile products—was in the audience of a Black Hat talk titled "The 2019 Discovery of Quasi-Prime Numbers: What Does This Mean For Encryption?". The speaker was presenting on a concept referred to as Time AI, which many found dubious. During the talk, Dan Guido stood up and publicly challenged the speaker, accusing them of endangering people with fraudulent claims. As reported in this Vice article, Guido said, “They’re scamming people. They’re here to use Black Hat to trick people into giving them money. It’s fraud.”
This moment stuck with me. In an industry often plagued by snake oil and flashy but ineffective security products, Guido’s actions stood out as an example of integrity. At the time, Trail of Bits owned and operated iVerify, and this reputation made me curious enough to download the app and check it out. I was impressed—though in its early days, iVerify primarily guided users through hardening their devices rather than detecting malicious activity, a number of which I did not know about.
Fast forward a couple of years, and iVerify has since been spun off into its own company. The app has expanded significantly, now offering features like a mobile "EDR" and even Threat Hunting services which caught my eye. While I'm sure the mobile EDR is fine, I've only tested the Threat Hunting capability.
I decided to try it out myself before recommending it to anyone else, as well as talk to iVerify to get some information about the data storage—and I’m happy to say it turned out to be exactly what I needed!
How It Works and Why It’s Different
The app guides users through generating a system diagnostics dump and uploading it to iVerify for analysis. This dump, stripped of all personally identifiable information (PII), undergoes a combination of automated and manual analysis. Because of its use of diagnostic data—which provides far more detailed device information than an app can access within its sandbox—iVerify is able to hunt for indicators of advanced threats effectively.
I was confident in its capability to detect advanced mobile malware as it had just recently successfully uncovered numerous new Pegasus infections. iVerify identified 7 infections across 2,500 unique devices—which is honestly way more than I'd expect... especially with that being only Pegasus related infections.
The app maintains a strong focus on user privacy. Uploaded diagnostic data is stored for only 90 days. If new indicators of compromise (IoCs) are discovered during that time, iVerify retroactively analyzes your data to ensure those IoCs are not present before the data is permanently deleted.
Closing Kudos
iVerify addressed a significant security challenge in a way that’s accessible to the average person, something rare in the industry. The app’s roots in Trail of Bits, a company known for developing secure applications, give it a strong foundation of credibility. Knowing it was founded by someone with integrity, like Dan Guido, further reassures me about recommending it to others.
TL;DR: iVerify is a tool that solved a very real problem for me and is something that I feel that I can confidently recommend to others in similar situations.